pki (Services)
Syntax
pki {
auto-re-enrollment {
certificate-id {
ca-profile ca-profile-name;
challenge-password password;
re-enroll-trigger-time-percentage percentage;
re-generate-keypair;
validity-period days;
}
}
ca-profile ca-profile-name {
ca-identity ca-identity;
enrollment {
url url-name;
retry number-of-enrollment-attempts;
retry-interval seconds;
}
revocation-check {
disable;
crl {
disable on-download-failure;
refresh-interval hours;
url {
url-name;
password;
}
}
}
}
traceoptions {
file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
}
}
Hierarchy Level
[edit security]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure an IPsec profile to request digital certificates for J Series Services Routers and Adaptive Services (AS) and MultiServices PICs installed in M Series and T Series routers.
Options
The remaining statements are explained separately.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 7.5.
revocation-check and crl statements
added in Junos OS Release 8.1.